MCTS 70-680: BitLocker and Recovery


Author: itfreetraining
65918 Views
13m 1s Length
102 Rating


If you are not able to access your BitLocker or BitLocker to Go drive, you are going to need some way to recover the data. This video looks at the recovery options that are available for BitLocker and BitLocker to Go. These include the recovery key and also how to configure a Data Recovery Agent (DRA) for both BitLocker and BitLocker to Go.

There are two ways that you can recover a BitLocker drive if you lose or forget the password, or if the keys inside a TPM are lost, for example because you changed hardware or changed the boot sector or BIOS. One way is with the recovery key that is created every time you encrypt a drive with either BitLocker or BitLocker to Go. The second method is to configure a Data Recovery Agent (DRA). A DRA is a user that has access to the data on the BitLocker drive. The advantage of a DRA is that you don't have to manage all the recovery keys: each time you use BitLocker or BitLocker to Go, a new recovery key is created.

Recovery Keys

When you run the wizard for BitLocker or BitLocker to Go, the recovery key can be saved or printed out. Whichever you choose, you should keep it in a safe place. It is not wise to copy the recovery key to the drive that you encrypted, as you won't be able to access the recovery key in an emergency. In a large organization you may want to store the recovery keys on a share or in Active Directory. This can be configured using group policy.

Data Recovery Agent (DRA)

Before you start encrypting drives using BitLocker or BitLocker to Go, you should configure a DRA. A DRA will only be able to access drives that were encrypted after the DRA was set up. A new DRA cannot decrypt drives that were encrypted before it was configured.

Group Policy

Listed below are the BitLocker group policy settings and the DRA group policy settings. In order to use the recovery agent you will need to configure the organization in the BitLocker group policy as well as the settings in the DRA group policy.

BitLocker Group Policy

These settings configure BitLocker. Only the first setting is required for a DRA. The DRA group policy settings are listed next. General BitLocker settings are found under:

Computer configuration > Administrative templates > Windows components > BitLocker Drive Encryption

Provide the unique identifiers for your organization - This setting is required for the DRA group policy settings below. It sets an organization name that BitLocker uses to identify which BitLocker or BitLocker to Go drives will be used with that DRA.

Store BitLocker recovery information in Active Directory Domain Services - When configured, this setting will attempt to store the recovery key in Active Directory. If this fails, you can configure Windows to prevent the drive being encrypted or to allow it anyway.

Choose default folder for recovery password - This allows you to configure a share to store the recovery keys to.

Choose how users can recover BitLocker-protected drives - This setting controls how and if the user can save the recovery key using the wizard. If you plan on saving the keys in Active Directory or on a share, you may want to deny the user the ability to save the key to ensure that there are not multiple copies of the recovery key.

Choose drive encryption method and cipher strength - Determines the level of encryption that will be used: 128-bit or 256-bit.

Choose how users can recover BitLocker-protected drives - This setting determines which recovery options the user will have, for example which recovery keys are available.

DRA Settings Group Policy

To configure a new DRA, right click the group policy setting listed below and select Add Data Recovery Agent. The wizard will then ask you for the certificate that you want to use for that user.

Computer configuration > Policies > Windows Settings > Security Settings > Public Key Policies > BitLocker Drive Encryption

See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos.
This is only one video from the many free courses available on YouTube.
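
The description above notes that a DRA can only recover drives encrypted after it was set up, so it is worth checking which volumes actually carry a recovery key or a DRA protector. The following PowerShell sketch is an added example, not code from the video: the function name `Test-RecoveryCoverage`, the helper `New-Kp`, the sample volumes and the placeholder thumbprint are all constructed for illustration, and the input shape assumes the output of `Get-BitLockerVolume` from the BitLocker PowerShell module (Windows 8 / Server 2012 and later, not the Windows 7 release the video covers).

```powershell
# Added example, not from the video. Input objects have the shape returned by
# Get-BitLockerVolume: MountPoint, VolumeStatus, KeyProtector[].
function Test-RecoveryCoverage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object] $Volume,
        # Thumbprint of the DRA certificate distributed through Group Policy.
        [Parameter(Mandatory)] [string] $DraThumbprint
    )
    process {
        $protectors = @($Volume.KeyProtector)
        $hasRecoveryPassword = [bool]($protectors |
            Where-Object { "$($_.KeyProtectorType)" -eq 'RecoveryPassword' })
        # A DRA shows up as a certificate (PublicKey) protector; match the thumbprint
        # so a user's own certificate protector is not mistaken for the DRA.
        $hasDra = [bool]($protectors | Where-Object {
            "$($_.KeyProtectorType)" -eq 'PublicKey' -and $_.Thumbprint -eq $DraThumbprint })

        if ("$($Volume.VolumeStatus)" -eq 'FullyDecrypted') { $finding = 'Not encrypted' }
        elseif (-not $hasRecoveryPassword -and -not $hasDra) { $finding = 'No recovery option' }
        elseif (-not $hasDra) { $finding = 'No DRA protector; recovery key only' }
        else { $finding = 'OK' }

        [pscustomobject]@{
            MountPoint          = $Volume.MountPoint
            HasRecoveryPassword = $hasRecoveryPassword
            HasDra              = $hasDra
            Finding             = $finding
        }
    }
}

# Constructed sample data (placeholder thumbprint) so the example runs offline.
$dra = '00112233445566778899AABBCCDDEEFF00112233'
function New-Kp($Type, $Thumb) { [pscustomobject]@{ KeyProtectorType = $Type; Thumbprint = $Thumb } }
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'
        KeyProtector = @((New-Kp Tpm), (New-Kp RecoveryPassword), (New-Kp PublicKey $dra)) }
    [pscustomobject]@{ MountPoint = 'E:'; VolumeStatus = 'FullyEncrypted'
        KeyProtector = @((New-Kp Password), (New-Kp RecoveryPassword)) }
    [pscustomobject]@{ MountPoint = 'F:'; VolumeStatus = 'FullyEncrypted'
        KeyProtector = @((New-Kp Password)) }
    [pscustomobject]@{ MountPoint = 'G:'; VolumeStatus = 'FullyDecrypted'; KeyProtector = @() }
)
$sample | Test-RecoveryCoverage -DraThumbprint $dra | Format-Table -AutoSize
```

On a live system, pipe `Get-BitLockerVolume` into the function from an elevated prompt instead of `$sample`; on Windows 7 the same protector list is shown by `manage-bde -protectors -get` followed by the drive letter.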


Comments

  1. Dear Sir... my password is right but it's not working... and my recovery key is also not working, please help me!!! :(
  2. Great explanation, thanks. I understand the DRA and how it's set up, but I'm still confused on the Unique Identifier. Is this required for a DRA, or is it an additional recovery method for the user if they don't want someone else (like an admin) to access their data?
  3. I have a problem regarding BitLocker. I locked my drive with BitLocker and after that, for some reason, I had to reinstall Windows. After reinstalling I tried to open my BitLocker drive, but it is not opening and always shows me "The password you entered is incorrect". I am damn sure I am entering the correct password. I have downloaded all Windows updates and tried almost everything I can, but I am stuck. Please help me, I shall be very grateful for this. Thanks in advance.
  4. I have the password and recovery key... when I type it, it hangs... but when I type the password for another drive it works... please help me, sir.
  5. I have both the recovery key and the password, but after I formatted my PC (C:\ drive only) both the recovery key and the password are mismatched.
    How can I fix it? Please help.
  6. I lost both my password and recovery key.
  7. Please, I have a problem and I need help. I have the BitLocker password but I lost the recovery key. Please, kindly, I need help.
  8. I am not finding the BitLocker app in my Control Panel. I have locked one of my drives with it. I know the password. But as the app is not showing, I don't know how to recover that drive. I have lots of data on that drive. Please help me.
  9. One DRA to rule them all, and in the darkness recover them.
  10. Just email me, sir... please. ^^
  11. I have a different problem here. I tried to unlock my flash drive and my password is correct, but it says: "BitLocker Drive Encryption failed to recover from an abruptly terminated conversion. This could be due to either all conversion logs being corrupted or the media being write-protected."

    And I tried to use my recovery keys, but my recovery keys didn't work. I tried all the options I could. I copied and pasted it or wrote it directly, but it says again "your Recovery Keys is incorrect try to write it correctly again".

    Please help me! ^^
  12. Sir, can I ask something?
  13. Please, please help me...?
    I have lost my BitLocker password and also the recovery key... what can I do? I did not find any solution, that's why I reinstalled my Windows 8... but nothing happened, I can't access my drive... please tell me what I can do now.
  14. Hello team, hats off for this outstanding effort. I wandered a lot of sites on the internet, and the place where I thought my issue could be solved, 'this is it', was this one. I am in a real mess. ;( I have GBs of VERY CRITICAL DATA on my external 1 TB hard drive, "which was BitLocker protected", and now it says it is not accessible and the disk structure is corrupted and unreadable. It's like one of the worst nightmares for me. I haven't slept properly for a couple of days. I don't know what to do. I have a lot of documented project work which took me years to construct, sensitive and important data out there, and I can't reach it. Feeling exhausted now. I don't know if I can ever get it back.

    I am using Windows 8.1 x86. Well, I knew the BitLocker password, and I have removed it, but I don't know what to do after that. Total blackout AND chaos. CAN YOU HELP ME OUT...??? To my knowledge the disk didn't fall, neither is it making any ticking sound. Waiting for your helping hands.
  15. Excellent job. Very helpful.
  16. OK, thanks for explaining, but what is the next step after making the DRA?
  17. Someone help me: I locked my hard drive with BitLocker and I only have its password, so now when I insert my external hard drive into the PC it gives me this message: "Error recovering disk J: A recovery key was not found on this drive. The drive cannot be unlocked."
  18. Maybe Ophcrack may help.
  19. Which kind of recovery tools may help me? (Can you please send me a link?)
  20. Yes, the operating system is still installed.